document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

wcnnbdk1 translated 20170509 ssh_scan – Verifies Your SSH Server Configuration and Policy in Linux.md

Browse Source
This commit is contained in:
Jinwen Zhang 2017-06-04 11:50:42 +08:00
parent 102c6986c9
commit a1f6e9b6a7
1 changed files with 35 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
sources/tech/20170509 ssh_scan – Verifies Your SSH Server Configuration and Policy in Linux.md → translated/tech/20170509 ssh_scan – Verifies Your SSH Server Configuration and Policy in Linux.md
View File

@ -1,45 +1,43 @@
wcnnbdk1 translating
ssh_scan Verifies Your SSH Server Configuration and Policy in Linux
ssh_scan - 在 Linux 中验证你 SSH 服务的配置和策略
============================================================
ssh_scan 是一个面向 Linux 和 UNIX 服务器的 SSH 服务参数配置和策略的扫描器程序原型,灵感来自[Mozilla OpenSSH 安全指南][6],这个指南为 SSH 服务参数配置提供了一个可靠的安全策略基线建议参考如加密算法Ciphers报文认证信息码算法MAC密钥交换算法KexAlgos和其它。
ssh_scan is an easy-to-use prototype SSH configuration and policy scanner for Linux and UNIX servers, inspired by [Mozilla OpenSSH Security Guide][6], which provides a reasonable baseline policy recommendation for SSH configuration parameters such as Ciphers, MACs, and KexAlgos and much more.
它有如下好处:
It has some of the following benefits:
* 它的依赖是最小化的ssh_scan 只引入了本地 Ruby 和 BinData 来进行它的工作,没有太多的依赖。
* It has minimal dependencies, ssh_scan only employs native Ruby and BinData to do its work, no heavy dependencies.
* 它是可移植的,你可以在其它的项目中使用 ssh_scan 或者将它用在[自动化任务][1]上。
* Its portable, you can use ssh_scan in another project or for [automation of tasks][1].
* 它是易于使用的,只需要简单的将它指向一个 SSH 服务就可以获得一个包含这个服务所支持选项和策略状态的 JSON 格式报告。
* Its easy to use, simply point it at an SSH service and get a JSON report of what it supports and its policy status.
* 它同时也是易于配置的,你可以创建适合你策略需求的策略。
* Its also configurable, you can create your own custom policies that fit your specific policy requirements.
**建议阅读:** [如何在 Linux 上安装配置 OpenSSH 服务][7]
**Suggested Read:** [How to Install and Configure OpenSSH Server in Linux][7]
### 如何在 Linux 上安装 ssh_scan
### How to Install ssh_scan in Linux
有如下三种安装 ssh_scan 的方式:
There are three ways you can install ssh_scan and they are:
To install and run as a gem, type:
使用 Ruby gem 来安装运行,如下:
```
----------- On Debian/Ubuntu -----------
----------- Debian/Ubuntu -----------
$ sudo apt-get install ruby gem
$ sudo gem install ssh_scan
----------- On CentOS/RHEL -----------
----------- CentOS/RHEL -----------
# yum install ruby rubygem
# gem install ssh_scan
```
To run from a [docker container][8], type:
使用[docker 容器][8]来运行,如下:
```
# docker pull mozilla/ssh_scan
# docker run -it mozilla/ssh_scan /app/bin/ssh_scan -t github.com
```
To install and run from source, type:
使用源码安装运行,如下:
```
# git clone https://github.com/mozilla/ssh_scan.git
@ -53,29 +51,29 @@ To install and run from source, type:
# ./bin/ssh_scan
```
### How to Use ssh_scan in Linux
### 如何在 Linux 上使用 ssh_scan
The syntax for using ssh_scan is as follows:
使用 ssh_scan 的语法如下:
```
$ ssh_scan -t ip-address
$ ssh_scan -t server-hostname
$ ssh_scan -t ip地址
$ ssh_scan -t 主机名
```
For example to scan SSH configs and policy of server 92.168.43.198, enter:
举个例子来扫描 192.168.43.198 这台服务器的 SSH 配置和策略,键入:
```
$ ssh_scan -t 192.168.43.198
```
Note you can also pass a [IP/Range/Hostname] to the `-t` option as shown in the options below:
注意你同时也可以像下方展示的给 `-t` 选项传入一个[IP地址/地址段/主机名]
```
$ ssh_scan -t 192.168.43.198,200,205
$ ssh_scan -t test.tecmint.lan
```
##### Sample Output
##### 输出示例
```
I, [2017-05-09T10:36:17.913644 #7145] INFO -- : You're using the latest version of ssh_scan 0.0.19
@ -192,25 +190,25 @@ I, [2017-05-09T10:36:17.913644 #7145] INFO -- : You're using the latest version
]
```
You can use `-p` to specify a different port, `-L` to enable the logger and `-V` to define the verbosity level as shown below:
你可以使用 `-p` 选项来指定不同的端口,`-L` 选项来开启日志记录配合 `-V` 选项来指定日志级别:
```
$ ssh_scan -t 192.168.43.198 -p 22222 -L ssh-scan.log -V INFO
```
Additionally, use a custom policy file (default is Mozilla Modern) with the `-P` or `--policy [FILE]` like so:
另外,可以使用 `-P``--policy` 选项来指定一个策略文件(默认是 Mozilla Modern这里的 Modern 可能指的是 https://wiki.mozilla.org/Security/Server_Side_TLS 中提到的 Modern compatibility 吧
```
$ ssh_scan -t 192.168.43.198 -L ssh-scan.log -V INFO -P /path/to/custom/policy/file
```
Type this to view all ssh_scan usage options and more examples:
ssh_scan 使用帮助与其它示例:
```
$ ssh_scan -h
```
##### Sample Output
##### 输出示例
```
ssh_scan v0.0.17 (https://github.com/mozilla/ssh_scan)
@ -245,33 +243,31 @@ ssh_scan -t 192.168.1.1 -P custom_policy.yml
ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml
```
Check out some useful artilces on SSH Server:
SSH 服务器相关参考阅读:
1. [SSH Passwordless Login Using SSH Keygen in 5 Easy Steps][2]
1. [使用 SSH Keygenssh-keygen五步实现 SSH 免密登录][2]
2. [5 Best Practices to Secure SSH Server][3]
2. [安全 SSH 服务器的 5 个最佳实践][3]
3. [Restrict SSH User Access to Certain Directory Using Chrooted Jail][4]
3. [使用 Chroot 来限制 SSH 用户进入某些目录][4]
4. [How to Configure Custom SSH Connections to Simplify Remote Access][5]
4. [如何配置 SSH 连接来简化远程登录][5]
For more details visit ssh_scan Github repository: [https://github.com/mozilla/ssh_scan][9]
如果需要更详细的信息可以访问 ssh_scan 的 Github 仓库:[https://github.com/mozilla/ssh_scan][9]
In this article, we showed you how to set up and use ssh_scan in Linux. Do you know of any similar tools out there? Let us know via the feedback form below, including any other thoughts concerning this guide.
SHARE[+][10][0][11][20][12][25][13] [![Ask Anything](https://www.tecmint.com/wp-content/themes/tecmint/images/help.png)][14]
(这里的一段删了,感觉留在这里有点怪,这种的话还是去原文中留言就可以了吧,不知这样处理是否合适)
--------------------------------------------------------------------------------
作者简介:
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.
Aaron Kili 是 Linux 与 F.O.S.S (自由及开源软件)爱好者,一位将来的 Linux 系统管理员,网站开发者,现在是一个热爱与计算机一起工作并且拥有强烈知识分信念的 TecMint 内容贡献者。
------------------
via: https://www.tecmint.com/ssh_scan-ssh-configuration-and-policy-scanner-for-linux/
作者:[Aaron Kili ][a]
译者:[译者ID](https://github.com/译者ID)
译者:[译者ID](https://github.com/wcnnbdk1)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
@ -286,11 +282,4 @@ via: https://www.tecmint.com/ssh_scan-ssh-configuration-and-policy-scanner-for-l
[7]:https://www.tecmint.com/install-openssh-server-in-linux/
[8]:https://www.tecmint.com/install-docker-and-learn-containers-in-centos-rhel-7-6/
[9]:https://github.com/mozilla/ssh_scan
[10]:https://www.tecmint.com/ssh_scan-ssh-configuration-and-policy-scanner-for-linux/#
[11]:https://www.tecmint.com/ssh_scan-ssh-configuration-and-policy-scanner-for-linux/#
[12]:https://www.tecmint.com/ssh_scan-ssh-configuration-and-policy-scanner-for-linux/#
[13]:https://www.tecmint.com/ssh_scan-ssh-configuration-and-policy-scanner-for-linux/#
[14]:https://www.tecmint.com/ssh_scan-ssh-configuration-and-policy-scanner-for-linux/#comments
[15]:https://www.tecmint.com/author/aaronkili/
[16]:https://www.tecmint.com/10-useful-free-linux-ebooks-for-newbies-and-administrators/
[17]:https://www.tecmint.com/free-linux-shell-scripting-books/